Utku Kaplan - THE ROLE OF EXPERTISE ON CODE REVIEW FOR SECURITY: AN EYE TRACKING STUDY

Phd Candidate: Utku Kaplan

Department: Cyber Security

Date: 14 January 2019

Place: A-212 15:30

Abstract: To improve the quality of the software and find security vulnerabilities, code review is usually performed during software development activities. The experience of software developers reviewing the code may affect the quality of the code review. This study investigates whether differences between novices and experts in the detection of vulnerabilities in the code can be identified by eye tracking. Participants’ eye movements were recorded by an eye tracker while they investigated program codes for security review. The experiment was carried out with 20 programmer participants. The results showed that experienced software developers found security vulnerabilities in a shorter time than less experienced software developers. The findings also indicated that experts are more successful in terms of finding security vulnerabilities.